By Bastian Shah
Collection and use of big data drive the modern information economy. While big data can produce valuable innovations, it also comes with perils for consumers. In particular, consumers have little ability to protect their privacy online and are unnerved by the hyper-targeted advertising to which they are subjected. In response to these concerns, American states have begun enacting general data privacy laws similar to those passed in Europe. At the same time, the United States Supreme Court has grown wary of laws attempting to restrict companies from distributing and using data for advertising purposes. For instance, in Sorrell v. IMS Health, the Court found that a Vermont statute aimed at preventing targeted advertising by pharmaceutical manufacturers violated the commercial free speech doctrine. Since Sorrell, the constitutionality of data privacy statutes has been ambiguous.
This Note argues that data privacy laws that empower consumers to meaningfully protect their privacy by opting out of unwanted data collection do not violate the commercial free speech doctrine. Part II defines data privacy and summarizes the objectives current data privacy laws seek to achieve. Part III analyzes commercial speech jurisprudence before and after Sorrell and discusses the effect of Sorrell on commercial free speech jurisprudence and data privacy law. Part IV argues that government interest in empowering consumers by giving them meaningful choices in their online privacy is important enough to survive scrutiny under the post-Sorrell commercial free speech paradigm.